Office printers spew reams of garbage as 2-year-old Trojan runs wild

Computer printers around the world are spewing garbage following a flare-up of a strain of malware first detected two years ago, Symantec warns.

A spike in infections by the Milicenso Trojan has hit businesses in the US, India, Europe and South America over the last two weeks or so – resulting in massive, wasted print jobs at affected organisations.

The malware is programmed to generate print jobs featuring reams of garbage characters from infected PCs until connected printers run out of paper.

The Milicenso Trojan – first detected in 2010 – has previously been used to distribute adware targeting French-speaking users. In these cases, users of infected machines get deluged with dodgy pop-up ads and other crud.

In a blog post published on Thursday, Symantec describes Milicenso as a "malware delivery vehicle for hire". The malware is typically distributed in either infected email attachments or malicious scripts on often otherwise legitimate websites. These scripts push malware under the guise of video codecs supposedly "needed" to view content on compromised sites, and other similar ruses.

Symantec reckons the massive print jobs associated with the latest outbreak of the Trojan are a "side effect" of the infection rather than the main goal of the cybercrooks behind the outbreak.

A blog post by the security firm explains how massive print runs are generated from infected machines. Printed files contain what appears to humans as gibberish because they are sourced from files in the virus's main directory, as Symantec explains:

During the infection phase, a .spl file is created in [DRIVE_LETTER]\system32\Spool\PRINTERS\[RANDOM].spl. Note the Windows’ default print spooler directory is %System%\spool\printers. The .spl file, while appearing to be a common printer spool file, is actually an executable file and is detected as Adware.Eorezo. Depending on the configuration, any files, including binary files, created in that folder will trigger print jobs. This explains the reports of unwanted printouts observed in some compromised environments. Based on what we have discovered so far, the garbled printouts appear to be a side effect of the infection vector rather than an intentional goal of the author.
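A defender can check a print spooler directory for the condition Symantec describes, a .spl file that is really an executable, by testing each file for a DOS `MZ` header that points to a `PE` signature. The following is an added example, not code from Symantec or from the original article; the function names are hypothetical and the sample files are constructed for the demonstration.

```python
import struct
import tempfile
from pathlib import Path


def is_pe_executable(path):
    """Return True if the file has an MZ header whose e_lfanew points at 'PE\\0\\0'."""
    with open(path, "rb") as fh:
        header = fh.read(64)
        # A DOS header is 64 bytes and starts with the magic 'MZ'.
        if len(header) < 64 or header[:2] != b"MZ":
            return False
        # e_lfanew (offset 0x3C) holds the file offset of the PE signature.
        (e_lfanew,) = struct.unpack_from("<I", header, 0x3C)
        fh.seek(e_lfanew)
        return fh.read(4) == b"PE\x00\x00"


def find_executable_spool_files(spool_dir):
    """List the names of .spl files in spool_dir that are Windows executables."""
    hits = []
    for path in sorted(Path(spool_dir).glob("*.spl")):
        if path.is_file() and is_pe_executable(path):
            hits.append(path.name)
    return hits


def build_sample_spool_dir(root):
    """Create constructed sample files (not real spool data or real malware)."""
    root = Path(root)
    # Ordinary-looking spool data: does not start with 'MZ'.
    (root / "00012.spl").write_bytes(b"\x00\x00\x01\x00" + b"constructed spool data" * 8)
    # Starts with 'MZ' but has no PE signature: must not be flagged.
    (root / "00013.spl").write_bytes(b"MZ" + b"A" * 100)
    # Minimal constructed executable stub: MZ header, e_lfanew = 0x40, then 'PE\0\0'.
    stub = bytearray(64)
    stub[:2] = b"MZ"
    struct.pack_into("<I", stub, 0x3C, 0x40)
    (root / "a1b2c3.spl").write_bytes(bytes(stub) + b"PE\x00\x00" + b"\x00" * 20)
    return root


if __name__ == "__main__":
    # On a real host, point this at the spooler directory the article names,
    # %System%\spool\printers, instead of the constructed sample directory.
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_spool_dir(tmp)
        for name in find_executable_spool_files(tmp):
            print("executable disguised as spool file:", name)
```
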

The annoying and wasteful garbage printing behaviour will obviously draw attention towards infected machines while making malware removal a top priority – something cybercrooks normally go to great pains to avoid. The latest strain of the Milicenso Trojan, like others before it, is programmed to redirect surfers through various ad-related websites. "In our investigation, we observed various French sites being displayed at the end of the redirect chain," Symantec reports.

Those distributing the malware are likely doing so in order to get their slice of online advertising revenues dishonestly generated through the Trojan, which is likely to be a lot less than might otherwise be the case thanks to the paper-spewing side effect associated with the latest strain of the Milicenso Trojan.

It’s alright, Twitter users. We can all breathe again. The major microblogging site mysteriously went offline mid-day Thursday, and Silicon Valley reps now say that a bug was the culprit behind the crash. Some hackers, however, say otherwise.

On the record, Twitter says that the major malfunction that crippled the social media site on Thursday can be blamed on a “cascading bug,” a glitch that Vice President of Engineering Mazen Rawashdeh explains as being able to quickly spread throughout several elements that make the site run, causing the entire network to crash. In a blog post published late Friday, Rawashdeh writes that neither an overload of traffic nor an attack from hackers hindered the site, and that the company is “currently conducting a comprehensive review to ensure that we can avoid this chain of events in the future.”

According to some Twitter users, though, the company is just trying to cover up for a cleverly orchestrated distributed denial of service (DDoS) attack, a maneuver that overloads servers with constantly accumulating traffic until the computers can no longer handle the demand. The Underground Nazi Hacktivist Group, or UGNazi, is crediting themselves with taking Twitter offline.

“We just #TangoDown'd twitter.com for 40 minutes worldwide!” reads a tweet from the hacktivist group sent out on Tuesday during the midst of the massive crash, which in some areas lasted for over an hour. An administrator of the @UG account followed up the claim on Friday, writing, “When a company has the chance of deniability, they will take the chance to do so.”

In an email sent to Computerworld and other websites, a representative claiming to be a member of the UGNazi hacking group once more assumed responsibility, claiming that the collective was indeed involved in the crash and was able to cause it by way of a DDoS assault. In an excerpt from a separate email published by Computerworld, an UGNazi member says that the attack was made on the site due to Twitter’s support of the controversial Cyber Intelligence Sharing and Protection Act, or CISPA.

"Twitter supports the CISPA bill and we wanted to show what we really are capable of," reads the message.

According to InformationWeek.com — who also received the email — the message continues, “Twitter moved to multiple servers today to try and migrate [sic] the attack . . . It was not a bug."

On UGNazi.com, the group claims to have targeted Comcast, NASDAQ, BP and Google in the past.

Responding to the latest claim, Gartner security analyst Lawrence Pingree tells Computerworld, "If a company is being taken down by a third party, I don't really see them blaming themselves."

“Are [hacking groups] capable? Yeah. Denial of service isn't something you can completely stop [but] it's hard to say if there was an attack,” he adds.

In the past, DDoS attacks credited to hacktivists aligned with the Anonymous collective have crippled the website for the Central Intelligence Agency, the US Department of Justice, Universal Music Group, the US Copyright Office, Warner Music, BMI, and the Recording Industry Association of America (RIAA). Jay Leiderman, a California-based attorney that has represented alleged Anonymous activist Commander X, has equated DDoS attacks as being on par with a “digital sit-in.”

"Ultimately, the only organization that knows the truth is Twitter, and there is no reason to believe the statements they have made are not true," Chet Wisniewski, senior security adviser at Sophos, adds to ComputerWorld. "It is difficult to determine the exact nature of the outage from the outside, but my personal experiences during the outage are more consistent with Twitter's explanation."

The virus can not only steal data but disrupt computers by removing critical files, says a Symantec researcher.

The infamous Flame virus can delete files from a computer and is likely the cause of a cyberattack against Iran in April, according to new findings.

Flame was originally identified for its ability to steal data and capture information from keystrokes, PC displays, and audio conversations.

But a new component of Flame uncovered by security firm Symantec gives its operators the power to delete important files from compromised computer systems, Symantec researcher Vikram Thakur revealed yesterday.

"These guys have the capability to delete everything on the computer," Thakur said, according to Reuters. "This is not something that is theoretical. It is absolutely there."

If true, Flame can be used as a weapon against nations to attack vital infrastructure systems, such as dams, chemical plants, and manufacturing facilities, Reuters added. And it could have been used as a weapon against Iran this past April.

Boldizsar Bencsath, an expert on cyber warfare with Hungary's Laboratory of Cryptography and System Security, told Reuters that there was at least a 20 percent chance that Flame was behind the attack against Iran.

Reportedly discovered by Kaspersky Labs, Flame targeted Iran and countries in the Middle East by infecting a host of computers across the region. CEO Eugene Kaspersky compared the new malware to its Stuxnet predecessor and said it seemed to be state-sponsored.

Some reports have named United States and Israel as the sources behind Flame.

In response, the U.S. has remained mum. Israel has denied any involvement despite comments by prime minister Moshe Ya'alon that countries concerned about Iran's nuclear program might use such cyberattacks "to harm the Iranian nuclear project."

Can the Wii U fix Nintendo's problems, or will the company have to do something more drastic?

Nintendo is one of the most iconic companies in gaming, but it faces the real possibility of oblivion if it doesn't find a way to turn its fortunes around.

In October 2007, less than a year after the release of its blockbuster Wii console, Nintendo was worth $78.50 per share. That equated to a market cap of $85 billion -- double the value of Sony at the time.

However, Nintendo's fortunes have only gone south since then. With Wii sales cooling and mobile apps the hot trend in gaming, Nintendo's stock collapsed this month to $14.50 per share, leaving it with a market cap of just $14.8 billion, a fifth of its value in 2007.

Super Mario just isn't so super anymore.

What happened to Nintendo, a company that has been around for 123 years? A variety of trends have dramatically changed the gaming industry over the last 5 years:

Mobile gaming is growing. Nearly half of smartphone users say they play a mobile game daily. That's great for Apple, but not so great for Nintendo, which has yet to release a game for iOS or Android.

The Nintendo 3DS, the company's most recent handheld gaming device, failed to meet expectations, forcing Nintendo to cut its price to boost sales. Sales are now picking up, but it's simply not generating as much revenue as Nintendo had hoped.

Dubbed the Nintendo 3DS XL, the device delivers the same glasses-free 3D experience as its predecessor, the 3DS, but comes with much larger screens. According to Nintendo, the upper display will come in at 4.88 inches, while the lower screen will be 4.18 inches. The 3DS currently has a 3.53-inch upper display and a 3.01-inch lower screen.

Rumors had been swirling for quite some time that Nintendo was planning to launch a 3DS with larger screens. However, last week, gaming icon Shigeru Miyamoto tried throwing reporters off the scent when he told IGN in an interview that he was "satisfied with the 3DS hardware as it is," adding Nintendo was already working on its successor to the handheld.

With larger screens comes a heftier price tag for the 3DS XL. The bigger version will be available for $199.99, up from the current $169.99 price tag for the 3DS. However, the 3DS XL will come with a 4GB memory card to sweeten the pot a bit.

One of the most surprising things about the 3DS XL, however, might be what Nintendo left out: the second analog stick. After the 3DS launched with only one thumbstick, developers complained that it limited their ability with the device. To address that issue, Nintendo earlier this year launched the 3DS Circle Pad Pro for $20, which effectively hooks on to the handheld to add a second thumbstick. With the XL, Nintendo had every opportunity to include a second thumbstick, but has apparently decided against it.

Nintendo's 3DS XL is launching in North America on August 19. Nintendo plans to launch New Super Mario Bros. 2 on the same day.

At its Worldwide Developer Conference, Apple CEO Tim Cook said that the App Store would be hitting another 32 countries by month's end. Now it looks like the company is making good on its promise.

Apple on Thursday expanded the App Store's reach to 32 new territories in Africa, Europe, and the Asia-Pacific region, 9to5Mac reported, citing an email sent to registered iOS and Mac developers. At this point, a total of 155 territories have access to the App Store.

At WWDC, Cook also said that the App Store, which launched in 2007, now has 650,000 apps, 225,000 of which were developed for iPad. Users have downloaded 30 billion apps, resulting in $5 billion paid to developers.

The App Store officially hit the 25 billion app download mark in March. Apple awarded Chunli Fu of Qingdao, a city in eastern China, a $10,000 prize for being the 25 billionth app customer. Fu had downloaded a free version of Disney's physics-based puzzle game Where's My Water?

So far, 6.5 million users of LinkedIn and 1.5 million eHarmony subscribers had their password hashes uploaded to a hacking forum on the InsidePro website, although security experts suspect that many more accounts may have been compromised.

Meanwhile, streaming music service Last.fm Thursday confirmed that it's "currently investigating the leak of some Last.fm user passwords." While it didn't detail how many of its 40 million users might be affected, security experts think about 17.3 million MD5 unsalted hashes were stolen, that 16.4 million have already been cracked, and that the breach may date from 2010 or 2011.

Needless to say, all three sites have recommended that every one of their users change their password on the site--just in case. But what's the best type of password to pick? Here are 7 best practices:

Saturday, June 9, 2012

The first WiFi products running over the 60GHz band will not include routers.

The next year and a half will see big advancements in WiFi technology, with much faster routers to replace the ones you use today, and a new class of devices to support an incredible 7Gbps speed and clear a lot of the cable clutter out of your house.

The advancements will come in the form of two new technologies—802.11ac for whole-home routers using the 5GHz band, and 802.11ad for short-distance, high-speed transfers over the 60GHz band—that are at different stages of development, with the latter being on a slower track. The WiFi Alliance expects to certify 802.11ac products in early 2013, but the timeline for 802.11ad is a lot more iffy. The soonest 802.11ad products would be certified is late 2013, and even then the first certifications may not include routers or modems, WiFi Alliance Marketing Director Kelly Davis-Felner told Ars.

Many of the use cases for 7Gbps connections over the 60GHz band will be point-to-point, like streaming video from a handheld device to a TV or transferring tons of data without a cable. The ultimate goal is to have 60GHz connections co-exist alongside 2.4GHz and 5GHz ones in tri-band routers, but it's looking like the first 60GHz products won't include access points.

The WiFi Alliance has decided that point-to-point connections will be enough to get started—routers will come, but they're not crucial enough to hold up certification.

"If we need to define a station-only certification program—so not including access points—we are able to do that," Davis-Felner said, describing it as a method of preventing the certification program from being delayed any further than late 2013. "We took a decision and said, 'we're not going to wait for access points if everything else is ready to roll.'"

A number of vendors need to build 60GHz implementations before the WiFi Alliance can start holding plugfests and develop a certification program. It's still early, so end-user devices and access points could end up on the same schedule, but Davis-Felner said she's not counting on it.

Wireless evolution

As Davis-Felner mentioned, WiFi is evolving to the point where routerless use cases become viable. Separately, the WiFi Alliance is working on a program called Miracast that will negotiate connections between devices for streaming media without the need for a pre-existing WiFi network or wireless router. Miracast is initially designed for the 2.4GHz and 5GHz bands but could conceivably run over the 60GHz band in the future. We'll have more to say on Miracast in an upcoming article.

Although certification for 802.11ad isn't happening anytime soon, the chipmaker Wilocity is sampling 60GHz technology to device-makers now and says notebooks supporting 60GHz transmission will ship in the second half of 2012, well before certification officially begins. Wilocity's VP of Marketing Mark Grodzinsky confirmed that the first products aren't likely to include routers. Instead, you might see an 802.11ad-enabled notebook bundled with a remote "DockingZone" that has interfaces like Gigabit Ethernet, eSATA, and USB 3.0.

Because of the 60GHz band's shorter range, 802.11ad products will be designed for transfers and streaming that happen within a single room rather than a whole building. Laptops are getting much thinner, a trend that is pleasing overall but reduces the number of ports on the device. A special wireless card for the notebook and the remote docking station could solve this problem, or at least that's what Wilocity is hoping.

Once the market has been seeded with the appropriate devices, adoption in access points is likely to follow. Chipset shipments for tri-band routers are expected to gain steam in 2013 and become a big part of the market in 2014 and beyond, according to ABI Research data quoted by the WiFi Alliance.

Although 802.11ad supports bandwidth up to 7Gbps, Wilocity's initial chips will go up to 4.6. That's high enough to nearly match USB 3.0—going higher requires tradeoffs in variables such as price and power consumption. Wilocity has partnered with Qualcomm to combine 802.11n, 802.11ad, and Bluetooth 4.0 into a single chipset.

High speed and power efficiency

They aren't the only ones building 60GHz technology. Scientists at the Nanyang Technological University and A*STAR's Institute for Infocomm Research in Singapore have been working on such a project since December 2009 and recently said they've developed a microchip that can transmit data at up to 2Gbps. That is less than half of Wilocity's planned speed, but the researchers say their technology is extraordinarily power-efficient. They have obtained 16 patents.

"Our chipset was designed primarily for portable devices such as smartphones, where power consumption is very critical … Existing solutions have achieved higher data rate at the expense of large power consumption, which is not suitable for mobile phones," Nanyang Professor and Project Leader Yeo Kiat Seng told us via e-mail.

Seng said the product is ready for commercialization, and the team is looking for phone and computer makers to install the chips in consumer products. Wireless syncing, file transfer, and big-screen display are among the various cable replacement scenarios the team is aiming for.

As noted earlier, there are tradeoffs between power and speed. "Some of the modulation schemes are faster and consume a little bit more power, which makes sense," Grodzinsky said. "If you wanted to do a lower-power product, one way to do that is to scale back a little bit."

For both 802.11ac and 802.11ad, vendors are entering "market creation mode," as Grodzinsky called it. Early devices supporting the new standards will hopefully pique consumer interest, leading to development of more products. If there's a heavy interest in end-user devices supporting 60GHz wavelength, the routers will follow.

60GHz standard almost done, but not all chipmakers ready to release silicon